Graduation Thesis Major Accounting – Auditing With Acca Orientation The Process Of Auditing Revenues Section At Financial Institutions Conducted By Ernst & Young Vietnam.docx

FOREIGN TRADE UNIVERSITY FACULTY OF ACCOUNTING AND AUDITING *** GRADUATION THESIS Major Accounting – Auditing with ACCA orientation THE PROCESS OF AUDITING REVENUES SECTION AT FINANCIAL INSTITUTIONS C[.]

THEORETICAL FRAMEWORK ON AUDIT OF REVENUES

Features of financial statements audit of Financial institutions 5 1.1.2 Objectives of financial statements audit of Financial institutions 5 1.2 Characteristics of revenues affecting financial audits of Financial institutions

Auditing, when it first appeared, was understood in a general way as an examination of accounting compliance and the truthfulness and reasonableness of financial statements However, along with the development of the market economy, there are many different definitions of audit, and now the most widely used definition is: “Auditing is the process of collecting and evaluating by evidence of information is examined to determine and report on its compliance with established criteria The audit process must be carried out by qualified and independent auditors.”

The results of the audit of financial statements are used by the related party including the Board of Management, the State, and third parties, but mainly used by the third parties such as shareholders, investors, financial institutions, etc to make economic decisions.

1.1.2 Objectives of financial statements audit of Financial institutions

ISA 200, “Objective and General Principles Governing an Audit of Financial Statements” states: The objective of an audit of financial statements is to enable the auditor to express an opinion whether the financial statements are prepared, in all material respects, in accordance with an identified financial reporting framework.

Specifically, the objective of a financial statement audit is expressed in three aspects:

- First, faithful representation: is financial information and accounting documents that accurately reflect the content, nature and value of the transaction economy arises.

- The second is reasonableness: Financial information and accounting documents that reflect truthfully, necessary and appropriate in space, time and events are recognized by many people.

- The third is legality: Financial information and accounting documents reflect the law, current accounting standards and regime.

The objective of the audit of a financial institution’s financial statements is, therefore, to enable the auditor to express an opinion on the financial institution’s financial statements, which are prepared in accordance with an identified financial reporting framework.

1.2 Characteristics of revenues affecting financial audits of Financial institutions

1.2.1 Overview of revenues of financial statements

Revenue is the total value of economic benefits earned by the enterprise in the accounting period, arising from the enterprise's production, business and service activities, contributing to the increase in equity Revenue includes only the total value of the economic benefits that the enterprise has received or will receive Receipts on behalf of a third party that are not an economic source, do not increase the equity of the business, will not be considered as revenue.

Financial institutions are business entities that provide services as intermediaries for different types of financial monetary transactions There are two main types of them which are banking and non-banking Banking institutions includes

1.3 Audit of revenues in financial statement audit process

To ensure that sufficient and effective audit evidence is collected, appropriate for drawing audit conclusions, with low audit costs, an audit is usually conducted according to a 3-step process of preparing audit, perform audit work, finalize and prepare audit report An audit of a financial institution’s financial statements also follows the same audit process as above Auditing of revenues section is conducted in parallel with other parts of the entire audit process.

Audit planning is the first stage that auditors need to perform in each audit to create the legal conditions as well as other necessary conditions for the audit Audit planning is clearly defined in current standards According to ISA 300, “The audit plan should be sufficiently independent to ensure that it covers all material aspects of the audit, to ensure that potential problems are detected, and that the audit completed on time.”.

1.3.1.1 Prepare for the audit plan

ISA 300 contains a requirement that “The auditor shall undertake the following activities at the beginning of the current audit engagement:

- Performing procedures regarding the continuance of the client relationship and the specific audit engagement.

- Evaluating compliance with relevant ethical requirements, including independence.

- Establishing an understanding of the terms of the engagement.”

The audit process is initiated when the auditor and the audit firm acquire a client On the basis of identifying the client, the audit firm will carry out the necessary work to make the audit plan, including: assessing the audit acceptability,identifying the audit reason of the client, select the staff to perform the audit and make the audit contract.

- Audit acceptability: The auditor must determine if admitting a new client or continuing to audit an existing client raises the risk associated with the auditor's operations, affects the auditor's performance, or negatively impacts the audit firm's reputation This procedure consists of the following steps::

✔ Consider the quality control system: When evaluating it, auditors often examine the audit firm's capacity to serve clients successfully and the auditor's independence.

✔ Integrity of the Board of Directors: Auditors must depend on their own subjective judgment to assess the Board of Directors' integrity If the board of directors lacks integrity, the auditor should not rely on any of the enterprise's management statements or records.

✔ Contact with the predecessor auditor: the auditor must update information from the predecessor auditor about the client and pay attention to the audit risks.

✔ Collecting from other sources of information: information from researching books and specialized journals, examining stakeholders such as financial institutions, legal advisors, etc.

✔ Identify the client's audit reason: In essence, the identification of the client's audit reason is the identification of the users of the audited information and their purposes.

- Making an audit contract: After accepting the audit for the client and considering the above issues, the final step for the preparation stage for the audit plan that the audit firm must perform is to sign the contract audit An audit contract is a formal agreement between an audit firm and a client on the performance of audit and other related services The main content of the audit contract:

✔ Describe the objectives and scope of the audit.

✔ Responsibilities of related parties (Board of Directors and Auditor).

✔ Form of notification of audit results: Audit report and management letter.

✔ Time to conduct the audit.

✔ Bases for calculation of fees for the audit and forms of payment.

1.3.1.2 Understand the client’s business and industry:

During this stage the auditors needs to:

- Understand the financial firms, gain insights into the economy In addition, it is necessary to have an understanding of financial technology, specific accounting systems of financial institutions, internal controls and related parties With the revenues section, the Auditor must gain knowledge of the content of income transactions, specifically information about these transactions, such as types of services, key customers.

- Review the results of the previous year's audit and the general audit file, with copies of the organizational chart, the company's charter, financial and accounting policies Thereby the auditors will find useful information about your client's business.

- Review operations at facilities and conducting interview procedures: helping the Auditor have an overall view of the client's business, the management style of the Board of Directors, facilitating explain accounting data.

- Identify stakeholders with customers through interviewing the Board of Directors, viewing shareholder monitoring books, customer monitoring books, etc., thereby initially predicting problems that may arise with interested parties.

- Anticipate the need for external experts.

Planning the audit

Audit planning is the first stage that auditors need to perform in each audit to create the legal conditions as well as other necessary conditions for the audit Audit planning is clearly defined in current standards According to ISA 300, “The audit plan should be sufficiently independent to ensure that it covers all material aspects of the audit, to ensure that potential problems are detected, and that the audit completed on time.”.

1.3.1.1 Prepare for the audit plan

ISA 300 contains a requirement that “The auditor shall undertake the following activities at the beginning of the current audit engagement:

- Performing procedures regarding the continuance of the client relationship and the specific audit engagement.

- Evaluating compliance with relevant ethical requirements, including independence.

- Establishing an understanding of the terms of the engagement.”

The audit process is initiated when the auditor and the audit firm acquire a client On the basis of identifying the client, the audit firm will carry out the necessary work to make the audit plan, including: assessing the audit acceptability,identifying the audit reason of the client, select the staff to perform the audit and make the audit contract.

- Audit acceptability: The auditor must determine if admitting a new client or continuing to audit an existing client raises the risk associated with the auditor's operations, affects the auditor's performance, or negatively impacts the audit firm's reputation This procedure consists of the following steps::

✔ Consider the quality control system: When evaluating it, auditors often examine the audit firm's capacity to serve clients successfully and the auditor's independence.

✔ Integrity of the Board of Directors: Auditors must depend on their own subjective judgment to assess the Board of Directors' integrity If the board of directors lacks integrity, the auditor should not rely on any of the enterprise's management statements or records.

✔ Contact with the predecessor auditor: the auditor must update information from the predecessor auditor about the client and pay attention to the audit risks.

✔ Collecting from other sources of information: information from researching books and specialized journals, examining stakeholders such as financial institutions, legal advisors, etc.

✔ Identify the client's audit reason: In essence, the identification of the client's audit reason is the identification of the users of the audited information and their purposes.

- Making an audit contract: After accepting the audit for the client and considering the above issues, the final step for the preparation stage for the audit plan that the audit firm must perform is to sign the contract audit An audit contract is a formal agreement between an audit firm and a client on the performance of audit and other related services The main content of the audit contract:

✔ Describe the objectives and scope of the audit.

✔ Responsibilities of related parties (Board of Directors and Auditor).

✔ Form of notification of audit results: Audit report and management letter.

✔ Time to conduct the audit.

✔ Bases for calculation of fees for the audit and forms of payment.

1.3.1.2 Understand the client’s business and industry:

During this stage the auditors needs to:

- Understand the financial firms, gain insights into the economy In addition, it is necessary to have an understanding of financial technology, specific accounting systems of financial institutions, internal controls and related parties With the revenues section, the Auditor must gain knowledge of the content of income transactions, specifically information about these transactions, such as types of services, key customers.

- Review the results of the previous year's audit and the general audit file, with copies of the organizational chart, the company's charter, financial and accounting policies Thereby the auditors will find useful information about your client's business.

- Review operations at facilities and conducting interview procedures: helping the Auditor have an overall view of the client's business, the management style of the Board of Directors, facilitating explain accounting data.

- Identify stakeholders with customers through interviewing the Board of Directors, viewing shareholder monitoring books, customer monitoring books, etc., thereby initially predicting problems that may arise with interested parties.

- Anticipate the need for external experts.

The auditor must perform analytical procedures when planning the audit and the overall review phase of the audit According to ISA 520, “Analytical procedures means evaluations of financial information made by a study of plausible relationships among both financial and non-financial data.”

Perform preliminary analytical procedures at the planning stage to:

- Gain an understanding of the content of the client's financial statements and recent significant changes in accounting and business operations occurred since the last audit.

- Enhance the auditor's understanding of the client's business and help the auditor identify doubts about the client's ability to continue as a going concern.

- Assess the presence of possible errors on the financial statements of the enterprise.

1.3.1.4 Assessment of materiality and audit risk

In International Auditing Standard 320, materiality is defined as follows:

“Information is material if its omission or misstatement could influence the economic decisions of users taken on the basis of the financial statements.” The assessment of materiality is a fundamental and important step, the auditor needs to estimate the acceptable level of misstatement of the financial statements, determine the scope of the audit, and evaluate the impact of misstatements on the financial statements to that determines the nature, timing, and extent of audit investigations. From the estimation of materiality of the financial statements, the auditor allocates materiality to the item An initial assessment of materiality helps the auditor plan to obtain appropriate audit evidence The work steps are as follows:

- Determine the criteria used to estimate materiality.

- Determine the selected criteria value.

- Select the corresponding ratio to determine the overall materiality.

- Determine overall materiality = Criterion value x Percentage

- Determine the level of performance materiality.

- Determine the threshold of insignificant error.

- Select the level of materiality applicable to the audit.

- Re-evaluate materiality At the same time, the auditor also gave the reasons for choosing the criteria and the reasons for the change compared to the previous year The criteria used to calculate materiality can be: revenue,profit before tax, equity, total assets Corresponding to each criterion, there will be a corresponding scale frame The choice of ratio is influenced by the auditor's judgment and evaluation of the internal control system.

ISA 200 indicates that: “The assessment of risks is based on audit procedures to obtain information necessary for that purpose and evidence obtained throughout the audit The assessment of risks is a matter of professional judgment, rather than a matter capable of precise measurement.”

Audit risk is determined based on the formula:

Audit risk = Risks of material misstatement x Detection risk, in which risks of material misstatement include inherent risk and control risk.

Inherent risk is the possibility that each transaction or item in the financial statements will contain material misstatements, either individually or in aggregate, with or without an internal control system.

Control risk is the possibility that a material misstatement will occur as a result of the failure or ineffectiveness of the internal control system to detect and prevent such misstatements.

Detection risk is the possibility that material misstatements in the financial statements will occur that are not detected and prevented by the internal control system and are not detected by the Auditor during the audit.

In financial institution audit, the most effective audit method is risk-based audit Risk analysis helps auditors to plan an appropriate audit, without missing important points that need to be audited Auditors need to analyze the risks related to lending activities to serve to determine the corresponding audit risks.

1.3.1.5 Internal control system and control risk assessment

Implementing the audit

Performing an audit is the process of collecting audit evidence of a revenue item to serve as a basis for giving an audit opinion on this item This phase mainly includes understanding and evaluating the internal control system, performing tests of controls, and substantive tests on the revenues that affected items on the financial statement It is the proactive and active implementation of audit plans and programs to express an unbiased opinion on the truthfulness and reasonableness of the financial statements based on sufficient audit evidence Performing an audit of revenues is conducted according to predetermined work steps in the audit planning phase, usually conducted in 2 steps:

The auditor must have an adequate understanding of the internal control system in order to plan the audit and determine the nature, timing and extent of the audits If the client has a good internal control system, the audit evidence that the auditor must collect is less because the control risk for that client is low and vice versa.

The execution of tests of controls designed for the entire financial statement as a whole is not only to verify the effectiveness of the internal control system, but also as a basis for determining the extent of substantive tests on the balances and operations of the unit The evaluation of the internal control system for revenues is also carried out in four steps:

First, collect an understanding of the internal control system for revenues and describe the internal control system in detail on the working papers.

Second, the initial assessment of revenues control risk Control risk is assessed through the understanding of the internal control system conducted above.

If the internal control system for revenues is designed and operated effectively, control risk is underestimated and vice versa.

Third, perform a controlled experiment The purpose of this test is to gather evidence of the existence of rules and procedures to reduce substantive tests on revenues balances and transactions For evidence that leaves a “trace” is often used to re- examine relevant documents or re-implement control procedures; and for the evidence that does not leave "trace", usually observe or interview the procedures related to debt.

Fourth, make a table to evaluate the internal control system Audit objectives for revenues; information describing the revenue situation; the nature and materiality of the respective risks; principles for the design and operation of control procedures; evaluate the internal control system for this item.

Substantive testing is a significant audit procedure designed to detect material misstatements at the assertion stage Substantive procedures consists of two main procedures: Analytical procedures and Test of details.

- Analytical procedures for revenues: performed for each item according to a pre-designed audit program Depending on the audit program of each company, the analytical procedures are also different, but in general, horizontal and vertical analysis methods are still used

• Horizontal analysis (Trend analysis): Horizontal indicators related to revenue include:

▪ Make a table of revenue by month, by quarter, by branch, by tax rate (output value-added tax), by each type of revenue in relation to corresponding costs, and output value-added tax Identification of unusual increase or decrease in revenue during the audit period.

● Compare the revenue of this period with the previous period, with the planned revenue of each month, each quarter, if there is an abnormal fluctuation, it is necessary to find out the cause of each such change.

• Forecast analysis: The auditor can estimate the value of the current year’s revenue based on the previous year's data to adjust for this year's changes or develop a separate estimate model.

• Ratio analysis: financial ratios commonly used in revenue analysis of financial institutions is

Net profit ratio = Revenue−Operating expenses

This ratio reflects the profitability of the business The higher the gross profit ratio, the greater the profitability of the business Auditors can compare this ratio of the enterprise over the years or with other enterprises in the same industry.

• Analytical procedures at this stage include comparison of information about revenues by business period, each loan object; compare the actual payable interest expenses with the plan and estimate; compare short-term and long- term loans with each other.

- Test of details for revenues: is the application of specific technical measures of the reliability test of the job test and the direct test of the balance to audit each item or transaction that makes up the balance on the item or type of transaction For each specific item, depending on the audit objective, the auditors design detailed examination procedures accordingly The following are detailed audit procedures designed for the revenues section:

• Transaction test: is a detailed examination of some or all arising transactions, usually used when the arising number of accounts is small, accounts have no balance or in unusual cases.

• Balance test: is a check to assess the truthfulness of the balance of accounts, usually conducted by selecting samples to check by appropriate methods

Occurrence - Reconcile the revenues recorded on the general ledger with relevant original documents such as purchase orders, contracts, quotation documents

- Select a sample of transactions and check the paying process. Payment vouchers are proof that the transaction has actually occurred.

- Inspect if revenue recognition has been complied with accounting standards.

Completing the audit

The auditor must prepare for the completion of the audit, prepare the audit report on the financial statements and the management letter, if applicable During this period, the auditor must also conduct an assessment of transactions and events arising after the balance sheet date that may affect the financial statements.

Issues discovered in the process of performing the audit are reviewed, evaluated, discussed in the audit team to give reasonable opinions for the issuance of the audit report and management letter

In the audit report, the auditor presents opinion on the true and fair of the items related to the lending process in the client's financial statements on the basis of the audit results and the audit evidence obtained by the auditor.

PRACTICE OF AUDIT OF REVENUES IN FINANCIAL

General introduction of Ernst & Young Vietnam

Ernst & Young Global Limited, headquartered in London, United Kingdom, is an international professional services network EY is one of the "Big 4" accounting companies and is one of the world's largest professional services networks EY operates as a network of member firms which are separate legal entities in a partnership Formed as a result of several mergers of older firms, the earliest one dating back to 1849, EY’s current partnership was formed in 1989 as Ernst & Whinney merged with Arthur Young & Co.

Ernst & Young provides audit services for more than 100 of the 500 Fortune companies and consistently achieves exponential revenue and leads competitors in tax services and technology The slogan “Building a better working world” and considering the human factor the most important factor has created an environment that fosters growth and helps employees develop new skills and knowledge.

Ernst & Young Vietnam Company Limited is a member of the Ernst & Young Global Ernst & Young Vietnam is the first 100% foreign-owned accounting and professional services firm in Vietnam with its establishment in 1992 following investment licenses granted by the Ministry of Planning and Investment.

Currently, Ernst & Young Vietnam has representative offices in two cities, Hanoi and Ho Chi Minh City:

● In Ho Chi Minh (Headquarter): 20th floor, Bitexco Financial Tower, 2Hai Trieu, Ben Nghe, District 1, HCMC.

● In Hanoi: 8th floor, Cornerstone Building, No 16 Phan Chu Trinh, Phan Chu Trinh Ward, Hoan Kiem District, Hanoi.

While constantly growing its market and operating scale, Ernst & Young Vietnam also maintains regular connect with branch offices in other countries, as well as EY's worldwide assistance, to develop human resources in the country, transfer human resources, share and accumulate expertise As a result, EY Vietnam has been the most profitable accounting firm in Vietnam in recent years.

Organizational structure

Figure 1.1: Structure of organization in EY Vietnam

General Director: oversees all areas of the company's operations in Vietnam, administers the operations of the office in Ho Chi Minh City and evaluates departmental operations through the Deputy General Director General Director is the legal representation before the State and when dealing with consumers in the Hanoi office.

Deput y General inistra Adm tive

H uma Mark Accou ofess Pr ional udit A

& Tax ansac Tr tion Other

The Deputy General Director: represents the General Director and is in charge of all operations at the company's Hanoi office The Deputy General Director is responsible for overseeing the office's operations, promoting the Board of Directors' strategic business strategies, and reporting on service performance on a regular basis.

The professional and administrative departments make up the company's organizational structure Each department has been subdivided into smaller divisions that are responsible for different aspects of EY's operations:

● Assurance Services include Financial Auditing, Financial Accounting Consulting Services, and Forensic & Integrative Accounting Services.

● Tax consulting services include transfer pricing, international tax, tax compliance in business, international personnel tax, global trade, indirect tax, risk consulting and tax accounting, technology application in tax and digital transformation, transaction tax.

● Consulting Services include four types of services such as actuarial, IT- related risk consulting and assurance, risk management consulting and operational performance improvement.

● Strategy & Transaction Consulting Services (Strategy & Transaction) including business valuation, due diligence, business restructuring, merger & acquisition (M&A)

EY's administrative divisions include Human Resources, Marketing, and Accounting, all of which support the company's internal operations and activities.

Additionally, certain personnel, such as Managers, Seniors, and Staffs, are actively involved in the provision of professional services to clients under each division.

This division is organized according to function (client business kinds) or apparatus.

On a functional level, the audit & assurance division is divided into two parts: FSO assurance and Core assurance FSO assurance is in charge of financial institutions such as financial institutions, insurance companies, funds, and other financial institutions, whereas Core assurance is in charge of other industry firms, with four primary lines of business: FDI, SOE, PLC, and JBS.

Figure 1.2: Structure of Audit & Assurance division based on function

Another approach to organize this division's structure is by apparatus, which implies that the top management is a partner, and the lower levels are director, senior manager, manager, senior, and staff. dit & Au Assur

Assuranc FSO e ore C Assur inanci F uran Ins ce & Fin ance

Figure 1.3: Structure of Audit & Assurance based on apparatus

Overview of audit process in financial institution audits performed by

EY conducts the audit on the EY Atlas platform It is a global accounting and financial reporting research system that helps provide standards, audit processes with fast technical data EY Atlas is integrated with EY Canvas which is a global direct audit platform, supporting the fastest storage and updating of relevant industry and audit accounting information.

At this stage, the audit partner and the manager perform a risk assessment and a materiality assessment to develop an appropriate audit plan In addition to the required engagement of the audit partner and manager, other members of the audit team are also considered for staffing planning based on the construction audit program according to EY Canvas.

Based on the construction audit program according to EY Canvas, the planning steps are done according to the process:

- The first is determining the scope of work and selecting the audit team: When the parties sign an audit contract, in addition to the year-end financial statements, the audit team may provide other services such as comments on controls internal, etc Based on understanding of the entity during customer continuation or acceptance and service contracts, including service requirements expectations of those with administrative responsibilities and management, the audit team is established In particular, EY's clients are large financial institutions that often have many subsidiaries in different fields and will be divided into audit groups EY Canvas will help link into one database and make consolidated reports.

⮚ Gaining an understanding of the financial institution's business processes and control environment is extremely important as it will determine whether to depend on the financial institution's internal control system and develop a control program.

⮚ Observation, interview, checking of internal documents and re- implementation will be the procedures done to check the customer's internal control system at EY This helps the auditor to determine whether control at the enterprise level is related to each specific business cycle. Specific work will begin by reading internal documents provided by the Board of Directors.

⮚ Division of duties: At EY, the auditor gathers knowledge about whether there are any discrepancies in duties in the client's control environment. Interview the Board of Directors and review the internal regulations to understand the cyclical assignment of tasks.

- The second is risk assessment and materiality: Auditor will identify risks based on customer knowledge From there, assess the level of risk to solve and implement basic procedures to meet.

- At EY, if the basic test results are not effective, the auditor will review and re- evaluate the combined risks to ensure the quality of the audit contract.

- Therefore, materiality is the maximum amount that the auditor believes the financial statements are imprecise and acceptable for the purposes of the financial statements This is acceptable levels of accuracy and imprecision.

- Planning materiality (PM): this is the amount of error that the auditor sets at the planning stage of the audit as the materiality level of the financial statements Specific ratios will be assessed based on the auditor's professional judgment on the nature of the client.

- Tolerable error (TE): allows the auditor to apply materiality in the plan at the account balance level This error is determined depending on the assessment and expectation of the auditor and is usually set at 50%-75% of overall materiality If the auditor assesses the risk as low, an acceptable error can be selected at 75% PM In contrast, the auditor assesses the risk as high, TE will be set at 50% PM.

- Audit difference: is the amount, any adjustment below it, will be immaterial to the financial statements being audited and is an amount that is consistent with the entity's expectations This indicator is usually set at a small percentage (1%-5%) of the materiality level in the plan.

The auditor needs to determine whether the control is relevant to the audit and, in addition, to find out what the control's objective is in order to take action to prevent, detect, or correct material misstatements at the assertion level It is a procedure to test the effectiveness of controls to assist in mitigating assessed control risk The auditor will use procedures such as document examination, interview, observation, and re- perform of the client's procedure to obtain evidence.

In order to provide sufficient appropriate audit evidence to reduce audit risk to an acceptably low level and to enable them to draw reasonable conclusions on which to base their opinion, auditors design the duration and extent of substantive procedures at the assertion level in response to the composite risk assessment

Analytical procedures commonly used by auditors:

✔ Trend analysis: This involves analyzing changes in the account over time. This procedure is appropriate for making appropriate projections and explanations in the event that the auditor is exposed to fluctuations in the ending balances from time to time.

✔ Reasonableness analysis: This involves checking the validity of accounting information This analytical procedure is appropriate when the auditor wishes to compare the variation of loan principal between months of a year or between years with the variation in interest rates or provisions for credit risk respectively.

Audit of revenues in Financial institution audit performed by Ernst &

In this section, we will delve into the revenues audit process at LMN Securities Company Ltd to clearly illustrate the reality of the revenues audit process in the financial audit of financial institutions at Ernst & Young Vietnam.

LMN is one of the leading securities company in Vietnam with a long history of operations This year is the 3rd year of auditing LMN, so EY has a relatively clear understanding of company and key items that need to be focused.

Customer name: LMN Securities Company Ltd Prepared by: HTL

2 Matters noted in last year's audit N/A

3 Explain why the entity wants audited financial statements and who should use audited financial statements?

II Consider professional competence, ability to have audit engagements and other important issues

1 Is the firm adequately staffed with the necessary expertise, experience and resources to maintain client relationships and perform contracts? x o o

2 Matters noted in last year's audit o x o

3 Is there any indication of a repeat of the matter that led to such an audit opinion this year? o x o

4 Is there any problem in recognizing the real owner of the financial institution? o x o

5 Is there a member of the Board of Directors or the Board of Members who has the ability to influence issues related to audit risk? o x o

6 Do any doubts arise in the course of your work regarding the integrity of the Board of Directors? o x o

7 Any matters about the financial institution's ability to continue as a going concern? o x o

8 Are there any material adverse events, litigation, irregularities and risks associated with the business? o x o

9 Did the previous year's audit uncover a serious defect in the financial institution's internal control system? o x o

10 Is there any sign that the financial institution's internal control system has serious defects that affect the legality, true and fair of this year's financial statements? o x o

11 Are there other factors that the audit firm must consider refusing to perform the audit contract? o x o

III Review of independence and measures to ensure independence of the audit firm and key member engagement team

IV Assess risks related to customers o High Medium o Low

Source: Auditor’s working papers at LMN client

With the experience with the customer and the audit results of the previous year, the level of risk set aside for LMN is moderate for the following reasons:

- First, the auditors conducted a thorough investigation of the internal control system, the client's activities, and the accounting issues of the previous fiscal year The audit team found that the company's operations compared to the previous year were almost unchanged when talking with the financial institution's management.

- Second, the audit opinion is unmodified to the financial statements of 2021.

In addition, Company LMN was conducted a mid-term review by auditing company EY and found no significant issues.

Therefore, the appropriate level of risk associated with the client is considered moderate and is the level EY is willing to accept.

2.3.1.2 Understanding LMN Company’s business environment

Through open sources and documents provided by the client, as well as records from previous years, the auditor gathers information about the client's business and business environment Accordingly, the understanding of LMN Securities Company Ltd is summarized as follows:

Table 2.3: Understanding business environment of LMN Company

Customer’s name: LMN Securities Company Ltd.

Understanding business environment of LMN financial institution

- LMN Securities Company Limited is a limited liability company.

- The financial institution has its head office in Hanoi.

- As of December 31, 2022, the financial institution has: 1 Head Office, 2 branches, 4 representative offices and 5 transaction offices.

II Operating environment and external factors affecting the customer's business

✔ Securities brokerage, margin trading services

✔ Securities custody and securities underwriting services

- Accounting period: from 1 January to 31 December.

- Accounting currency: Vietnam Dong (“VND”), all figures are reported in VND million, rounded to the nearest million.

The financial statements have been prepared in accordance with Vietnamese Accounting Standards, the Vietnamese Accounting System for Enterprises, Circular No 210/2014/TT-BTC dated 30 December 2014 (“Circular 210”) issued by the Ministry of Finance on accounting guidance applicable to securities companies and Circular No 334/2016/TT-BTC dated 27 December

2016 (“Circular 334”) issued by the Ministry of Finance on amending,supplementing and superseding Appendix 02 and Appendix 04 of Circular 210 and the relevant statutory requirements applicable to financial reporting.

- Continue reorganizing the firm and growing selectively, while concentrating resources to develop business operations Strongly improving service quality, developing modern products and services, increasing service income and non- interest income, and enhancing the income structure.

- Implementation of the Restructuring Project for the period of 2020-2023, continued normalization of all elements of operations, development of infrastructure, modernization of information technology, enhancement of risk management capacity, and establishment of standards management and worldwide best practices, reinforcing the company's market-leading position.

Source: Auditor’s working papers at LMN Securities Company Ltd.

2.3.1.3 Determine the scope of work and select the audit group

Based on the contract between the two parties, the auditing company will provide the following services to the financial institution:

- Financial audit: Auditing the financial statements for the fiscal year ended on December 31, 2022 according to Vietnamese accounting standards;

- Management letter: Support the company to determine the weaknesses of the accounting system and internal control, the impact of those weaknesses along with improvement recommendations;

Based on EY's experience and standards, the company has established an audit group including: 01 Partner, 01 Senior Manager, 02 Senior, 04 Staffs, 02 Interns.

Each group member will be required to be independent and sign independently Due to the fact that EY Vietnam audited the financial institution in the previous fiscal year, the auditing firm will attempt to include auditors with experience auditing clients in the group to assure the quality and progress of the audit job.

2.3.1.4 Understand the control environment and internal control system

- Observe the internal control environment:

✔ The management board has sufficient capacity and qualifications, the Board of Directors has integrity in company management, attaching importance to employees and ethical acts The Financial institution Board of Directors always aims to build a professional working style and build a culture to get customers as a focus.

✔ Awareness of internal control management, management style.

✔ The participation of the Board of Directors in the control activities of the business.

✔ The key personnel has sufficient capacity and experience working in the financial institution.

✔ The chief accountant directly participates in the company's daily accounting activities and regularly updates changes in accounting policies Quarterly, financial institutions synthesize profits and losses to report to the Board of Directors.

- Evaluation of the accounting system:

✔ The completeness of accounting vouchers and accounting books.

✔ Existing policies about accounting vouchers.

✔ Effective in storing, processing and providing accounting information The financial institution records in the form of scan and hard version.

- Considered efficiency of control procedures based on factors:

✔ There is specialization of functions and tasks between departments.

✔ LMN's activities are considered and approved by step by step Any credit approval is divided into several levels for approval.

From the above factors, evaluate the effectiveness of the financial institution's internal control system and make appropriate audit plans.

Table 2.4: Obtain knowledge of LMN company’s internal control

1 Observe the internal control environment

- The management board has sufficient capacity and qualifications

- Awareness of internal control management, management style

- The participation of the Board of Directors in the control activities of the business

- Enhance the quality of employees

- The Board of Directors has integrity in company management, attaching importance to employees and ethical acts. The Financial institution Board of Directors always aims to build a professional working style and build a culture to get customers as a focus.

- The key personnel has sufficient capacity and experience working in the financial institution.

- The chief accountant directly participates in the company's daily accounting activities and regularly updates changes in accounting policies Quarterly, financial institutions synthesize profits and losses to report to the Board of Directors.

- The financial institution's personnel policy is clear.

2 Evaluation of the accounting system

The completeness of accounting vouchers and accounting books

Existing policies about accounting vouchers

Effective in storing, processing and p roviding accounting information

The financial institution records are in the form of scan and hard versions.

3 Efficiency of control procedures based on factors

Specialization There is specialization of functions and tasks between departments.

Authority and approval Financial institution LMN's activities are considered and approved by step by step. Any credit approval is divided into several levels for approval.

Overview of internal control system

Source: Auditor’s working papers at LMN client

Through the procedures for collecting initial understanding of the internal control system of customers, the auditor assesses the internal control system effectively Although the internal control system is evaluated as an effective operation, but in 2022, the financial institution transforms the accounting software, so the error occurs in the conversion phase On the other hand, the company can still rely on their understanding of the internal control system to deliberately commit fraud.

The potential risk of the revenue item in financial institution audits is considered to be moderate In addition, through the process of understanding the financial institution's internal control system, the auditor decided to rely on the financial institution internal control system.

After discussing the audit risk, the auditor determined the significant risks related to the revenue account as follows:

- Revenue reflected in books and accounting reports is higher than actual revenue

In this case, it is shown specifically that the enterprise has recorded the amounts that do not meet the conditions to be determined as revenue: o The buyer has paid but the business has not provided services to the buyer. o Wrongly classify the revenue on the service basis o Wrongly calculated and recorded data increases revenue compared to figures reflected in accounting vouchers

ASSESSMENTS AND RECOMMENDATIONS TO IMPROVE

Strength

EY Vietnam is applying a very strict audit method with international auditing standards This system of audit methods is updating, adjusting and perfecting in accordance with the context and legal regulations of Vietnam In the current audit market, the quality of audits performed by EY is always appreciated by the following strengths:

- Strict and reasonable organization and structure of the audit team, which emphasizes the independence of the auditors.

Each audit of EY is always staffed in both quantity and quality Each member of the audit team will have a specific task, and the superior will be responsible for checking the performance of the subordinates Such a decentralized inspection system helps to reduce audit risks and ensure the quality of audit standards, thereby helping EY to maintain its reputation during many years of operation in the Vietnamese and international markets.

- Prepare a methodical and detailed audit plan

The audit plan is developed by EY before conducting the audit at the customer EY has an EY Canvas system that stores audit procedures over time and from there unifies a common methodology and guidelines for companies of different sizes.From there, the audit teams can go deeper and come up with appropriate procedures for each company For each section, the plan outlines the documents to be collected and the procedures to be followed to achieve the audit objectives Therefore, the audit is done easily and in the right order.

To ensure the quality of the audit, a large number of samples were selected to perform tests of controls and detailed checks This shows the professionalism and prudence required by auditors as well as audit units, helping EY continue to maintain its leading position in the Vietnamese market.

If other auditing firms do not have an separate audit department for a financial organization or have few employees, the audit service of EY Vietnam has developed to the point of becoming an independent department with more than 100 employees. That's because EY has a list of customers who are financial institutions with the largest market share in Vietnam Specialization makes auditing easier, more proficient, and more efficient.

In addition, EY also has an Audit Quality Review (AQR) After the audit season in March, there will be an audit team from the head office to re-check the audit work of some audit contracts, this ensures that the auditors' operations are efficient, accurate, and effective in accordance with established standards.

Weaknesses

Each audit at EY always focuses on audit quality However, through the process of implementing and observing the actual audit, it can be seen that there are still some problems as follows:

- Unreasonable in the arrangement of personnel:

EY has a huge customer base and that number is always growing In addition, in order to ensure the quality of human resources, the number of employees recruited into the company every year is still limited, not meeting the workload requirements. Therefore, the arrangement of personnel is often unreasonable when an auditor is required to participate in many audits at the same time This not only affects the quality of the audit, but also affects the morale and health of employees.

- Auditors are not able to monitor well with large number of confirmations:

It is easy to see that due to the large number of messages, sometimes it is impossible to control all of them In addition, some branches send confirmation letters very slowly, affecting the progress of report issuance.

- The auditors do not perform substantive analytical procedures with a number of clients:

This procedure is omitted because the auditor considers it unnecessary and time- limited.

- The auditors do not have enough time to conduct test of details completely

During the audit, the auditor does not have much time to check the documents of the selected sample because the client often spends a lot of time to find the documents to provide At the same time, the time budget is limited due to the large number of jobs, so sometimes the audit procedures have not been carried out meticulously.

- The deficiency of the questionnaire used to interview the BOD on internal control.

The questionnaire on internal control related to the service supply cycle and revenue recognition process was prepared in a general and not specific way This may lead to a lapse in the overall assessment of the client's internal control system.

- Subsequent events arising after reporting period:

During completing phase, due to the overload of work to be completed, especially in the busy season of audit industry when the work pressure is very high, the auditors actually may not keep track thoroughly the subsequent events but mainly through keep in touch with clients, which might not be reliable and independent.

Recommendations

To solve the deficiencies in the audit of revenues section while auditing the financial statements, I would like to propose the audit team at EY Vietnam with the following suggestions.

- The biggest problem leading to unreasonable staffing is the number of employees who do not meet the job requirements The company needs to take measures to attract better candidates to the company more For example,organizing seminars and career days to introduce and spread the company's image to students of major universities to strengthen the human resources for the next period.

- Continuously improve the quality of audits by closely monitoring and guiding the work of the auditors who directly perform audits at the client's workplace. Upper- level auditors need to regularly ask the head of the audit team to report on progress to take timely measures to handle issues such as delay, lack of personnel, change in audit strategy, etc.

- During the audit, the auditors should take stronger measures in urging clients to provide necessary documents for the test The auditors can save time by selecting samples to conduct test of detail early to send to customers While waiting for the customer to provide, the auditors continue to perform other substantive procedures At the same time, during this waiting period, the audit team leader should regularly contact the accounting department to ask them to provide documents as soon as possible.

- The audit team should design a more detailed questionnaire related to the service providing process and revenue recognition process of the client to get an objective view of the client's internal control system on the revenue item.

- In terms of substantive procedures conducted on the revenue section, the audit team of EY Vietnam should conduct more analytic procedures to provide more evidences on the uniformity of figures such as:

✔ Ratio analysis: The auditors can calculate the gross profit margin, net profit margin, etc to make comparison between this year and the previous year. And therefore, they can seek for considerable variance, detect abnormal points which need to be investigated further.

✔ Reasonable analysis: The auditors can estimate the total value of revenue of this year to compare with that of previous year in order to detect if there is an unusual movement.

- Subsequent events arising after reporting period: The auditors should pay more attention to keep monitoring events after the reporting date They should prioritize more their time to fully implement the instructions of EY Audit Guide rather than just sending an email to the client to ask or confirm these events.

My thesis with the subject “Audit of loan to customers in Financial Statements of Financial institutions at Ernst & Young Vietnam” outlines the theoretical and practical basis of income recognitions in financial institutions and the audit of the revenues section performed by Ernst & Young Vietnam From there, lessons learned as well as recommendations are drawn to improve the audit of the revenues in particular and the audit process of the financial statements of financial institutions in general Due to the limitation of time, experience and knowledge, the article has many limitations and misstatements Therefore, I look forward to receiving readers' opinions to form better informed judgements.

I would like to express my sincere thanks to PhD Phan Thi Thu Hien and the auditors of EY Vietnam have directly guided, advised and helped me to complete this thesis.